Mandrake Linux Security Advisory : xpdf (MDKSA-2000:041-1)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

There is a potential race condition when using tmpnam() and fopen() in
xpdf versions prior to 0.91. This can only be exploited as root to
overwrite arbitrary files if a symlink is created between the calls to
tmpnam() and fopen(). There is also a problem with malicious URL-type
links in PDF documents that contain quote characters, which could
potentially be used to execute arbitrary commands. This is due to xpdf
calling system() with a netscape (or similar) command plus the URL.
The 0.91 release of xpdf fixes both of these potential problems.
Although there are no known exploits, users are encouraged to upgrade
their system with these updates.
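
The temporary-file race described above, as an added C example (not code from xpdf or from the advisory): the tmpnam()/fopen() pattern appears in a comment beside replacements that use mkstemp() and open() with O_EXCL. The function names and the /tmp/xpdf-demo- prefix are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Racy pattern from the advisory, for contrast only (never called here):
 *     char *name = tmpnam(NULL);    name is chosen here ...
 *     FILE *f = fopen(name, "w");   ... and opened here, following any
 *                                   symlink created in between.        */

/* Hardened: mkstemp() chooses the name and creates the file in one step
 * (O_CREAT|O_EXCL, owner-only mode), so no window exists between them. */
FILE *open_temp(char *path_out, size_t len) {
    /* "/tmp/xpdf-demo-" is a constructed prefix for this example. */
    int n = snprintf(path_out, len, "/tmp/xpdf-demo-XXXXXX");
    if (n < 0 || (size_t)n >= len) { errno = ENAMETOOLONG; return NULL; }
    int fd = mkstemp(path_out);
    if (fd < 0) return NULL;
    FILE *f = fdopen(fd, "w+");
    if (!f) { close(fd); unlink(path_out); }
    return f;
}

/* For a fixed name: O_EXCL makes open() fail with EEXIST if anything,
 * a symlink included, already exists at that path. */
int create_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Plants a symlink at the output path inside a private directory and
 * returns 1 if the exclusive open refuses it and leaves the link target
 * uncreated, 0 if not, -1 on setup failure. */
int symlink_is_refused(void) {
    char dir[] = "/tmp/xpdf-demo-dir-XXXXXX", link[64], target[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(link, sizeof link, "%s/out", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, link) != 0) { rmdir(dir); return -1; }
    int fd = create_exclusive(link);
    int refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0) close(fd);
    int untouched = (access(target, F_OK) != 0);
    unlink(link); unlink(target); rmdir(dir);
    return refused && untouched;
}

int main(void) { printf("symlink refused: %d\n", symlink_is_refused()); return 0; }
```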

Update :

There was an incorrect dependency on the t1lib package in the previous
updates for xpdf for Linux-Mandrake 6.x and 7.0. This update resolves
those dependency issues.

Solution :

Update the affected xpdf package.

Risk factor :

High

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61834

Bugtraq ID:

CVE ID:
